Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

CVE-2024-24919: Check Point's Quantum Gateway comes under Attack as Hackers exploit Zero-Day Vulnerability

Check Point Cybersecurity has issued hotfixes to address a zero-day vulnerability in its VPNs that has been exploited to gain remote access to firewalls and potentially infiltrate corporate networks. On 27.04.2024 (Monday), the company initially alerted customers to an increase in attacks targeting VPN devices, offering guidance on how administrators can safeguard their systems.

Understanding Broken Function Level Authorization

Application Programming Interfaces (APIs) allow your applications to talk to one another, like an application-to-application iMessage or Signal. If you’ve ever texted a message to the wrong group chat, you’ve created a situation that mimics what broken function level authentication does between users and applications.

Vulnerabilities in BIG-IP Next Central Manager allows control of managed devices

In May 2024, new vulnerabilities have been identified in BIG-IP Next Central Manager, raising considerable security concerns. This discovery follows closely on the heels of a critical vulnerability revealed in April within Palo Alto's firewalls with enabled GlobalProtect feature, which permitted unauthorized command execution. These recent findings underscore the persistent challenges in ensuring cybersecurity defenses and prompt updates for security solutions themselves.

Dell Data Breach: Personal Information of 49 Million Customers Compromised due to latest API Abuse

Dell recently issued a notice regarding a data breach that occurred on May 9, which has reportedly affected over 49 million customers across the globe. According to a report by BleepingComputer, Dell initiated the distribution of notifications cautioning its customers that their personally identifiable information (PII) had been compromised in a data breach.

The Dell API Breach: It could have been prevented

As you may have seen in the news, a hacker stole 49 million customer records from Dell. The attack wasn’t novel or sophisticated. Instead, the attacker used a business logic flaw and an API to scrape 49 million records from Dell. How did they do it? Here is the attack flow. The attacker registered for an account within the Dell ecosystem to be a reseller/partner. They weren’t going to be. But Dell didn’t perform any checks, and within 48 hours, the attacker had a valid account.

Enabling GenAI with AI-infused API Security

GenAI has the promise to transform companies, and introduce a lot of security risk. One of the main benefits of GenAI relates to the modernization of apps. Most companies are going through some type of app modernization. They are responding to the market by delivering better and better experiences to their customers. This is largely done through the experience people have with their apps. This ranges from banking to healthcare to travel and everywhere in between.

Best API Security Product: Wallarm wins 2024 Cybersecurity Excellence Award

We are thrilled to announce that Wallarm has clinched the sought-after 2024 Cybersecurity Excellence Award, under the category Best API Security Product. Our unwavering commitment to pioneering solutions that safeguard digital ecosystems, and fortify API security amidst the evolving cyber threat landscape, has garnered industry-wide recognition. This accolade reaffirms Wallarm's position at the forefront of cybersecurity innovation, empowering businesses with confidence and resilience.

Tracking CVE-2024-2876: Why does the latest WordPress exploit compromise over 90,000 websites?

A highly concerning security loophole was recently discovered in a WordPress plugin called "Email Subscribers by Icegram Express," a popular tool utilized by a vast network of over 90,000+ websites. Officially designated as CVE-2024-2876 with a CVSS score of 9.8 (critical), the vulnerability represents a significant threat as it exposes numerous websites to potential attacks.

Introducing the Wallarm Q1 2024 API ThreatStats Report

As we have in previous editions of the ThreatStats report, we highlight the industry’s top API-related attacks and trends. New to this version, however, is a detailed analysis of API attacks targeting AI-based applications, representing a new and rapidly expanding threat vector. And while we encourage you to download the full report, here are some key observations about what you’ll find within. API threats to AI applications are clearly on the rise.